<?php
	
	class database {
		/**
		 * The query string.
		 *
		 * @var    string
		 * @since  1.0
		 */		
		private $sql;
				
		/**
		 * The database connection resource
		 *
		 * @var    
		 * @since  1.0
		 */	
		private $resource;
		
		/**
		 * The database connection cursor(result) from the last query.
		 *
		 * @var    
		 * @since  1.0
		 */	
		protected $cursor;
		
		/**
		 * Construct a new connection
		 * 
		 * @param $host
		 *   Host where the database on
		 * @param $user
		 *   Username you use to connect
		 * @param $password
		 *   Password you use to connect
		 * @param $db
		 *   Name of the database
		 * @param $table_prefix
		 *   Prefix for tables
		 *
		 * @since 1.0
		 */
		public function __construct($host, $user, $password, $db) {
			$this->_resource = mysql_pconnect($host, $user, $password) or die("Bad connection.<br />\nPlease check your host, username or password.");
			mysql_select_db($db, $this->_resource) or die("Database not found.");
		}
		
		/**
		 * Check whether the parameter is a correct integer (Prevent SQL Injection)
		 * 
		 * @param $number
		 *   The parameter you want to check
		 * @return
		 *   True or false
		 */
		private function checkInt($number) {
			if ((string)(int)$number == (string)$number) return $number;
			else die("Incorrect parameter");
		}
		
		/**
		 * Check whether the parameter is a correct float (Prevent SQL Injection)
		 * 
		 * @param $number
		 *   The parameter you want to check
		 * @return
		 *   True or false
		 */
		private function checkFloat($number) {
			if ((string)(float)$number == (string)$number) return $number;
			else die("Incorrect parameter.");
		}
		
		/**
		 * Process a string (Chống SQL Injection)
		 * 
		 * @param $text
		 *   Content of the string
		 * @return
		 *   The good string
		 */
		private function checkString($text) {
			
			//Replace all the ' and \ characters to prevent SQL Injection
			return "'" . str_replace("'","\'",str_replace("\\","\\\\",$text)) . "'";
		}
		
		/**
		 * Parse a query
		 * @param $sql
		 *   SQL query
		 * @param $args
		 *   The array of parameters
		 * @return
		 *   The good query
		 */
		private function parseArgument($sql, $args = array()) {
			//$temp stores the result string
			$temp = '';
			
			//$offset stores the current position of %
			$offset = 0;
			
			//$i stores the id of the current arg
			$i = 0;
			
			while (($pos = strpos($sql, '%', $offset)) !== false) {
				$temp .= substr($sql, $offset, $pos - $offset);
				switch ($sql[$pos + 1]) {
					case 'd':
						$temp .= $this->checkInt($args[$i]);
						$i++;
						break;
					case 'f':
						$temp .= $this->checkFloat($args[$i]);
						$i++;
						break;
					case 's':
						$temp .= $this->checkString($args[$i]);
						$i++;
						break;
					case '%':
						$temp .= '%';
						$temp .= $sql[$pos+2];
						$pos++;				
						break;
					default:
						$temp .= '%';
						if ($sql[$pos + 1] != '%') $pos = $pos - 1;
				}
				$offset = $pos + 2;
			}
			$temp .= substr($sql, $offset);
			return $temp;
		}
		
		/**
		 * Excute a query
		 * 
		 * @param $sql
		 *   Query string
		 *
		 * @return
		 *   Result of query
		 */		
		public function query($sql) {
			$args = func_get_args();
			
			//Remove $sql element in $arg array
			array_shift($args);
			
			//Substitue all the arguements
			$this->_sql = $this->parseArgument($sql, $args);
			
			//Execute the query
			$this->_cursor = mysql_query($this->_sql, $this->_resource);
			
			return $this->_cursor;
		}
		
		/**
		 * Get the previous query
		 * 
		 * @return
		 *   Content of the query
		 */
		public function getQuery() {
			return htmlspecialchars($this->_sql);
		}
		
		/**
		 * Get the number of rows after execute the query
		 * 
		 * @return
		 *   Number of rows
		 */
		public function getNumRows() {
			if (!$this->_cursor) return false;
			return mysql_num_rows($this->_cursor);
		}
		
		/**
		 * Get the number of affected rows after execute the query
		 * 
		 * @return
		 *   Number of rows
		 */
		public function getAffectedRows() {
			if (!$this->_resource) return false;
			return mysql_affected_rows($this->_resource);
		}
		
		/**
		 * Check whether none was be returned
		 * 
		 * @return
		 *   True or false
		 */
		public function noRow() {
			return (!$this->getNumRows());
		}
		
		/**
		 * Check whether none was be affected by UPDATE, DELETE or INSERT query
		 * 
		 * @return
		 *   True or false
		 */
		public function noAffected() {
			return (!$this->getAffectedRows());
		}
		
		/**
		 * Fetch result rows from the previous query as an array.
		 * 
		 * @return
		 *   The result array
		 */
		public function getList() {
			$arr = array();
			if (!$this->_cursor) return $arr;
			while ($row = mysql_fetch_assoc($this->_cursor)) $arr[] = $row;
			mysql_free_result($this->_cursor);
			return $arr;
		}

		/**
		 * Return an individual result row from the previous query.
		 * 
		 * @return
		 *   The result row
		 */
		public function getRow() {
			if (!$this->_cursor) return array();
			$val = mysql_fetch_assoc($this->_cursor);
			mysql_free_result($this->_cursor);
			return $val;
		}
		
		/**
		 * Return an individual field from an individual row from the previous query.
		 * 
		 * @return
		 *   The result field
		 */
		public function getField() {
			if (!$this->_cursor) return array();
			$onlyRow = mysql_fetch_assoc($this->_cursor);
			mysql_free_result($this->_cursor);
			$res;
			foreach($onlyRow as $value) {
				$res=$value;
			}
			return $res;
		}
	}
?>